Monday, October 29, 2007

Does Ron Paul suddenly have a strong support base among foreign computer owners with strange names and multiple personalities? or is it possible we have the First 2008 Presidential Spam Campaign?

I thought it odd when I logged in to my computer this morning and found an email in which someone declared Ron Paul to be the winner of the Republican Debate yesterday, but then, I have all sorts of odd friends. By the time I had received my fifteenth copy of the email, I knew this was something more than a deluded pseudo-Republican. I thought at first this was a virus, but now it seems to be a plain ole Spam Campaign.

The question, I suppose, is what should be done about it? Will we see fans of other campaigns hiring out spam campaigns devoted to extolling the views and records of their candidates? Will there be an evolving message body on the Ron Paul spam to keep pace with the upcoming events on the campaign trail? Its too early to tell, but we will continue to document the trend from the Spam Lab at UAB.

Here's the body of the email . . .

Hello Scott,

Ron Paul is for the people, unless you want your children to have human implant RFID chips, a National ID card and create a North American Union and see an economic collapse far worse than the great depression. Vote for Ron Paul he speaks the truth and the media and government is afraid of him. This is the last honest politican left to bring this country out of this rut from the War Profiteers and bush Administration has created. Get motivated America, don't believe the lies of the media he has also WON the GOP Debate On Sunday! Value Freedom and Liberty instead of corporate lies and corruption. Bypass this media blackout they are doing to Ron Paul, tell your family and friends and get involved in a local group at meetup.com make your voice heard! He will end the War In Iraq immediately, He will eliminate the IRS and wasteful government spending, and eliminate the Federal Reserve and restore power to the people and the only person not a member on the CFR. Can any other runner make these claims or give Americans the true freedom we were all raised to believe? We are all economic slaves to the banks and the illegal federal Reserve. This is why our currency is worth nothing because of Hidden Inflation Tax and the IRS taking everything you make!

** RON PAUL WILL STOP THE IRAQ WAR IMMEDIATELY! **

He has NEVER voted: * to raise taxes * for an unbalanced budget * to raise congressional pay * for a federal restriction on gun ownership * to increase the power of the executive branch

He HAS voted: * against the Iraq war * against the inappropriately named USA PATRIOT act * against regulating the internet * against the Military Commissions Act

He will eliminate the IRS, Wasteful Government Spending & Stop The Iraq War Immediately!

Most importantly, he voted NO on anything in Congress that is not allowed by the Constitution. And he Despises any politican that does not do their job for the people and lives up to the constitution!

Google.com & Youtube.com Search: "Ron Paul" Join The Revolution!

*************************************** We Need A Real President That Will Restore And Protect Americans! Stop The War! Protect Our Borders! *********VOTE RON PAUL 2008************ubPOJg

The subject line seems to be selected from a small number of subject lines, and then appended with a random character cluster (perhaps to break spam filters?):

Subject lines:

Vote Ron Paul 2008! ZyhYKbw

Iraq Scam Exposed, Ron Paul TLshVzn

Ron Paul Exposes Federal Reserve bpIHP

Ron Paul Stops Iraq War! gPsLhM

Iraq Scam Exposed, Ron Paul wjtsLBp

Ron Paul Stops Iraq War! LcskHxT

Government Wasteful Spending Eliminated by Ron Paul vpntZRr

Vote Ron Paul 2008! pboLKjr

Who Is Ron Paul? ZTobxay

Ron Paul Exposes Federal Reserve JrZXihF

Ron Paul Stops Iraq War! LyNdrha

Ron Paul Eliminates The IRS! fiqfRZZ

Government Wasteful Spending Eliminated by Ron Paul BtkmlDF

Ron Paul Wins GOP Debate! HMzjoqO

Ron Paul Exposes Federal Reserve SBHBcSO

Government Wasteful Spending Eliminated By Ron Paul mEoHUiR

Government Wasteful Spending Eliminated By Ron Paul HRAyaaI

The spam seems to invent a random first and last name, and combine that with a true email address from the infected machine. Here are sample senders from my inbox:

Friday, October 26, 2007

IskorpitX, the tutor of an entire generation of Turkish hackers, will shortly be able to claim that he has broken into 200,000 websites. (He's currently at 191,000 according to one popular hacker watching website).

Brasilian hacker, Fatal Error, runs a distant second, having broken in to "only" 32,000 websites according to the same source.

Wouldn't you say that would make them "targets of interest" for law enforcement activity? Sadly, that is not the case. Perhaps, you think to yourself, they have only attacked "low value" websites. Perhaps they are brand new to the scene? If only that were the case! Fatal Error, who lists many US Government websites, and even my home state of Alabama government websites, among his victims, has been actively attacking websites since 2002.

IskorpitX has been defacing websites since at least 2003, and has the governments of Argentina, Australia, Brazil, China, Columbia, France, India, Italy, Korea, Malaysia, Peru, the Philippines, Thailand, Venezuela and South Africa among his many victims. Of course the US government is on the list as well (such as the National Endowment for the Humanities), as well as Harvard University and Bank of America.

IskorpitX even has his own YouTube videos!

http://www.youtube.com/watch?v=ahqSeJvM2XU

http://www.youtube.com/watch?v=jTah9ckvV3Y

Other Turkish "Cyber Warriors" have even done television news interviews about why they hack websites!

http://www.youtube.com/watch?v=w4QgEsuTZrM

Here's one interesting hacker this week and the victims which are still laying around in Google's Cache:

I found it interesting because this hacker is doing SQL Exploits such as we've seen on several high profile attacks in the past including the National Institutes of Health and the United Nations. In this case, a content management system is being SQL injected to replace "titles" of things with the name of the hacker.

Google for the string "OwneD by RootDamages by FasT", and you'll find some interesting victims among the 26,100 pages being returned.

How about The Department of Veterans Affairs and their Cooperative Studies program?

www.vacsp.gov/news.cfmwww.csp.gov/news.cfm

(Although the Malaysian government also got a visit:

www.mygeoportal.gov.my/faq.cfm

Or the Michigan Bar Association?

www.michbar.org/news.cfm

Systems Integrator "Regan Technologies"?

www.rtcorp.com/news.cfm

The Esalen Center for Theory & Research still has pages with the title "OwneD by RootDamages by FasT", such as:

But they weren't just limited to News articles. I think I'd feel very safe using a shopping cart where every product in the online store had been renamed to "OwneD by RootDamages by FasT", such as those at MetroPole360:

http://www.metropole360.com/productcat.cfm?productCatID=3

But you don't have to be a business to have an insecure webserver. Just ask the National Limousine Association, or the NorWest Dog Training Club:

Monday, October 15, 2007

Have you seen the television show "Are You Smarter Than a Fifth Grader?" I've been thinking about a variation of that question as I consider the newest version of The Storm Worm.

This morning on the "Good Morning, Alabama" show as I discussed the Storm Worm, the weatherman laughed and said "Fortunately, I pretty much stay awy from laughing cats". So do most adults with bank accounts. Ask the question another way though. "Is there anyone who uses your computer who is into laughing cats?"

Twenty of the Twenty-nine anti-virus products I scanned this particular virus with (using Virus Total), did not report an infection. As of this writing, ClamAV, F-Prot, F-Secure, Microsoft, Panda, and Symantec were among the anti-virus programs who said "No Virus Found" to this current malware. ( Click for Results of this scan.)

Previous versions of the Storm Worm have used things such as Greeting Cards, an NFL Game Tracker, Labor Day greetings, Fourth of July greetings, and even Virus Alerts as means to trick people into visiting the malware site.

UAB's Computer Forensics research area will continue to study and document the storm worm until we can find a way to identify the criminals and bring them to justice.